Red Hat Product Errata RHSA-2026:20916 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20916 - Security Advisory Overview Updated Packages Synopsis Moderate: corosync security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for corosync is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es): corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle Support 7 x86_64 Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle Support 7 x86_64 Red Hat Enterprise Linux High Availability for IBM Power, little endian - Extended Life Cycle Support 7 ppc64le Red Hat Enterprise Linux Resilient Storage for IBM Power, little endian - Extended Life Cycle Support 7 ppc64le Fixes BZ - 2453813 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet BZ - 2453814 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation CVEs CVE-2026-35091 CVE-2026-35092 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle Support 7 SRPM corosync-2.4.5-7.el7_9.3.src.rpm SHA-256: f7898a0b91cd9851cc0dbb9e92e3a61188586e7f10459148be701d7616029147 x86_64 corosync-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: 20671ed9664dcc5d63111aa11da34e058c35b0dd7b6dba3730e336f6c415eedc corosync-debuginfo-2.4.5-7.el7_9.3.i686.rpm SHA-256: ca385a591ab0a11eb758dddf0e322cff8e1a0c9dae247e32f1ab817bc0995f6d corosync-debuginfo-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: 0c47bb1dbd220c7f9c0933fab594520f67e870f8e07c1ea69303a28582924958 corosync-qdevice-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: 189ed6f77b887bc9a4471523f736e581ae926a9186a8329591d523dd3b02ffbd corosync-qnetd-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: c7a9d77714f7e7757fa03e220dd7c860e972efbaac61f0c4f6011d6cf6c3e728 corosynclib-2.4.5-7.el7_9.3.i686.rpm SHA-256: 745afa7f85a59eed509d23ece5a134a27bfb309daf46b62ec53ad44187f786c2 corosynclib-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: a5064db295a86811bb56d3e99c8b8fd90bba5243530dff92e637fb4f78354e02 corosynclib-devel-2.4.5-7.el7_9.3.i686.rpm SHA-256: 17d05c0bc2f926d78d4ae021693a28a3f66afd69b98db8a788a54465c1126b07 corosynclib-devel-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: aa7143cab8bacb602d32204ab7953dc80cb5b952f8d6b2fc36168e45acd3dcd4 spausedd-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: 995b5136a19100c4ad03a8fd6501a74641cd0ee6ef786439ab1889c1c88cd725 Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle Support 7 SRPM corosync-2.4.5-7.el7_9.3.src.rpm SHA-256: f7898a0b91cd9851cc0dbb9e92e3a61188586e7f10459148be701d7616029147 x86_64 corosync-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: 20671ed9664dcc5d63111aa11da34e058c35b0dd7b6dba3730e336f6c415eedc corosync-debuginfo-2.4.5-7.el7_9.3.i686.rpm SHA-256: ca385a591ab0a11eb758dddf0e322cff8e1a0c9dae247e32f1ab817bc0995f6d corosync-debuginfo-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: 0c47bb1dbd220c7f9c0933fab594520f67e870f8e07c1ea69303a28582924958 corosync-qdevice-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: 189ed6f77b887bc9a4471523f736e581ae926a9186a8329591d523dd3b02ffbd corosync-qnetd-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: c7a9d77714f7e7757fa03e220dd7c860e972efbaac61f0c4f6011d6cf6c3e728 corosynclib-2.4.5-7.el7_9.3.i686.rpm SHA-256: 745afa7f85a59eed509d23ece5a134a27bfb309daf46b62ec53ad44187f786c2 corosynclib-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: a5064db295a86811bb56d3e99c8b8fd90bba5243530dff92e637fb4f78354e02 corosynclib-devel-2.4.5-7.el7_9.3.i686.rpm SHA-256: 17d05c0bc2f926d78d4ae021693a28a3f66afd69b98db8a788a54465c1126b07 corosynclib-devel-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: aa7143cab8bacb602d32204ab7953dc80cb5b952f8d6b2fc36168e45acd3dcd4 spausedd-2.4.5-7.el7_9.3.x86_64.rpm SHA-256: 995b5136a19100c4ad03a8fd6501a74641cd0ee6ef786439ab1889c1c88cd725 Red Hat Enterprise Linux High Availability for IBM Power, little endian - Extended Life Cycle Support 7 SRPM corosync-2.4.5-7.el7_9.3.src.rpm SHA-256: f7898a0b91cd9851cc0dbb9e92e3a61188586e7f10459148be701d7616029147 ppc64le corosync-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: f5e428682ccc9268cb9351854a358deb879bd5fa78a4b82e29e1bffa69718a85 corosync-debuginfo-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 2061194d0bbfb7adddb2509bdf569ad68e8bc70918557c6c08dd1604dbd3e4f3 corosync-qdevice-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 23106b2fc137676a0efe0e61f73e9bca4fcec3a39e8435b3aeae6bc393a28a83 corosync-qnetd-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: f593411b47a1cbc97a5418da8bff0cf7edc6fb154f3146d99675c5a06159ff61 corosynclib-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 73cb46b9474d6142f04ea97ea39645b73136577fd9b7a14e6ecce68ac8b58c13 corosynclib-devel-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 202291f3552d4a62d3285d57fbb61d690706fae69ccd7e30412d4d20ab635f24 spausedd-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 61d980b276e468dbefd42778726c365a67f0ad6075bc6c4977d9eecec8dadaca Red Hat Enterprise Linux Resilient Storage for IBM Power, little endian - Extended Life Cycle Support 7 SRPM corosync-2.4.5-7.el7_9.3.src.rpm SHA-256: f7898a0b91cd9851cc0dbb9e92e3a61188586e7f10459148be701d7616029147 ppc64le corosync-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: f5e428682ccc9268cb9351854a358deb879bd5fa78a4b82e29e1bffa69718a85 corosync-debuginfo-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 2061194d0bbfb7adddb2509bdf569ad68e8bc70918557c6c08dd1604dbd3e4f3 corosync-qdevice-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 23106b2fc137676a0efe0e61f73e9bca4fcec3a39e8435b3aeae6bc393a28a83 corosync-qnetd-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: f593411b47a1cbc97a5418da8bff0cf7edc6fb154f3146d99675c5a06159ff61 corosynclib-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 73cb46b9474d6142f04ea97ea39645b73136577fd9b7a14e6ecce68ac8b58c13 corosynclib-devel-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 202291f3552d4a62d3285d57fbb61d690706fae69ccd7e30412d4d20ab635f24 spausedd-2.4.5-7.el7_9.3.ppc64le.rpm SHA-256: 61d980b276e468dbefd42778726c365a67f0ad6075bc6c4977d9eecec8dadaca The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .